Closed Bug 571365 Opened 15 years ago Closed 15 years ago

Upgrade MediaWiki to 1.15.4 to Address Security Issues (XSS, CSRF)

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 571351

People

(Reporter: mcoates, Unassigned)

References

(
URL
)

Details

(Whiteboard: [infrasec:vuln])

Michael Coates [:mcoates] (acct no longer active)

Reporter

Description

•

15 years ago

intranet.mozilla.org is currently using MediaWiki version 1.15.3. MediaWiki has recently released version 1.15.4 to address several security issues including a cross site scripting vulnerability and CSRF flaw. We'll need to upgrade MediaWiki as soon as possible since these security flaws are publicly known. http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html

Michael Coates [:mcoates] (acct no longer active)

Reporter

Comment 1

•

15 years ago

wiki-europe.mozilla.org also uses mediawiki but the URL resolves to the same public ip address as intranet.mozilla.org. Let me know if these are not using the same back-end mediawiki and I'll file a seperate bug.

Reed Loden [:reed]

Updated

•

15 years ago

Status: NEW → RESOLVED

Closed: 15 years ago

Resolution: --- → DUPLICATE

Yvan Boily [:ygjb][:yvan]

Updated

•

13 years ago

Group: websites-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Upgrade MediaWiki to 1.15.4 to Address Security Issues (XSS, CSRF)

Categories

(Websites :: Other, defect)

Tracking

(Not tracked)

People

(Reporter: mcoates, Unassigned)

References

(
URL
)

Details

(Whiteboard: [infrasec:vuln])

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated